Related Posts
Hi Tcser,
I am in RMG now, Looking for onsite opportunity,I hv total working experience of 8 years where with Tcs 6+ years,
Worked for many domain including Networking,voice and data issues for isp.
Then worked on Telecom domain for DHCP & MME domain,
If any references kindly let me know. Tata Consultancy
Anyone there ?
This bowl is dead!
Leaving 😬
I can use a drink
Additional Posts in Risk Assurance
Hello - hope everyone is having a great weekend. I'm looking into risk assurance opportunities at Meta, especially Application Manager, Controls (min 5 YOE) and Manager, Compliance (min 12 YOE). I am a Senior Manager with 9 years of IT risks assurance experience. Does anyone have any thought on which position I should apply? If anyone currently at Meta could share your experience, that would also help. If anyone is open to providing referrals, I could provide my background. Facebook (Meta)
New to Fishbowl?
unlock all discussions on Fishbowl.



For key report testing, I have looked at the scripts that are used to run the reports. If there has been no change to the script for years, we have been able to persuade all parties that the report can be benchmarked. The first year you benchmark, you still have to go through the full testing process but after that, you can just confirm that the script is unchanged year over year.
Thanks for your response and example. Does this procedure apply to all types of key reports (standard vs. third party vs. custom) or are there different procedures you’ll perform based on the type of report? This is a “new” SEC company going into its 4th year of SOX testing. How established does the company SOX program have to be to determine the script have not changed year over year?
Benchmarking guidelines have gotten really strict lately with the increased focus on completeness and accuracy considerations. Overall, if you can prove that underlying code/logic of the setup of the report hasn’t changed, you can continue to leverage the testing done the first time for three years. The only benefit is that you don’t need to test the code logic again once you baseline it. But you still need to test the front end parameters applied and check that the output wasn’t modified etc. so not too much savings
I’m new to the firm and kinda asked around and there isn’t a guideline. I’m also not an IT auditor so just trying to gather as much info as I can before i speak with the IT folks who actually do the work.
Mentor
Can you elaborate a bit more on what you mean by benchmarking or baselining KRs, ITACs, or ITGCs?
Obtaining a change management log for the systems involved and relying on PY testing - which will be used as the baseline year - for the next 3 or so years as long as there’s been no changes to the system logic